Improve PrivateKey handling

freckle · Sep 11, 2024 · a27cc77 · a27cc77
1 parent 287cfe5
commit a27cc77
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 12 deletions.
diff --git a/github-app-token/README.lhs b/github-app-token/README.lhs
@@ -22,6 +22,7 @@ import Prelude
 
 import Control.Lens ((^?))
 import Data.Aeson.Lens
+import Data.ByteString.Char8 qualified as BS8
 import Data.Text.Encoding (encodeUtf8)
 import GitHub.App.Token
 import Network.HTTP.Simple
@@ -32,13 +33,11 @@ example :: IO ()
 example = do
   creds <- AppCredentials
     <$> (AppId . read <$> getEnv "GITHUB_APP_ID")
-    <*> (PrivateKey <$> getEnv "GITHUB_PRIVATE_KEY")
+    <*> (PrivateKey . BS8.pack <$> getEnv "GITHUB_PRIVATE_KEY")
   installationId <- InstallationId . read <$> getEnv "GITHUB_INSTALLATION_ID"
 
-  -- Generate token
   token <- generateInstallationToken creds installationId
 
-  -- Use token
   req <- parseRequest "https://api.github.com/repos/freckle/github-app-token"
   resp <- httpLBS
     $ addRequestHeader hAccept "application/json"

diff --git a/github-app-token/github-app-token.cabal b/github-app-token/github-app-token.cabal
@@ -84,6 +84,7 @@ test-suite readme
   ghc-options: -fignore-optim-changes -fwrite-ide-info -Weverything -Wno-all-missed-specialisations -Wno-missing-exported-signatures -Wno-missing-import-lists -Wno-missing-kind-signatures -Wno-missing-local-signatures -Wno-missing-safe-haskell-mode -Wno-monomorphism-restriction -Wno-prepositive-qualified-module -Wno-safe -Wno-unsafe -pgmL markdown-unlit
   build-depends:
       base <5
+    , bytestring
     , directory
     , dotenv
     , github-app-token

diff --git a/github-app-token/package.yaml b/github-app-token/package.yaml
@@ -75,6 +75,7 @@ tests:
     main: README.lhs
     ghc-options: -pgmL markdown-unlit
     dependencies:
+      - bytestring
       - directory
       - dotenv
       - github-app-token

diff --git a/github-app-token/src/GitHub/App/Token.hs b/github-app-token/src/GitHub/App/Token.hs
@@ -3,11 +3,9 @@ module GitHub.App.Token
   , AppCredentials (..)
   , AppId (..)
   , PrivateKey (..)
-  , readPrivateKey
   , InstallationId (..)
   , AccessToken (..)
   ) where
 
 import GitHub.App.Token.AppCredentials
 import GitHub.App.Token.Generate
-import GitHub.App.Token.JWT
diff --git a/github-app-token/src/GitHub/App/Token/JWT.hs b/github-app-token/src/GitHub/App/Token/JWT.hs
@@ -5,7 +5,6 @@ module GitHub.App.Token.JWT
 
     -- * Private RSA Key data
   , PrivateKey (..)
-  , readPrivateKey
 
     -- * Errors
   , InvalidPrivateKey (..)
@@ -30,13 +29,10 @@ newtype Issuer = Issuer
   deriving stock (Show)
 
 newtype PrivateKey = PrivateKey
-  { unwrap :: String
+  { unwrap :: ByteString
   }
   deriving stock (Show)
 
-readPrivateKey :: MonadIO m => Path b File -> m PrivateKey
-readPrivateKey = fmap PrivateKey . liftIO . readFile . toFilePath
-
 newtype InvalidPrivateKey = InvalidPrivateKey PrivateKey
   deriving stock (Show)
   deriving anyclass (Exception)
@@ -63,8 +59,10 @@ signJWT expirationTime issuer privateKey = liftIO $ do
   let expiration = addUTCTime expirationTime.unwrap now
 
   signer <-
-    maybe (throwIO $ InvalidPrivateKey privateKey) pure
-      =<< JWT.rsaKeySecret privateKey.unwrap
+    maybe
+      (throwIO $ InvalidPrivateKey privateKey)
+      (pure . JWT.EncodeRSAPrivateKey)
+      $ JWT.readRsaSecret privateKey.unwrap
 
   iat <-
     maybe (throwIO $ InvalidDate "iat" now) pure